On AWS, I built a Lambda function which is exposed on the web using API Gateway.
Access to the API is secured by Amazon Cognito.
My problem is I can't send a request to this API from a client hosted at test.mydomain.com, even after I successfully authenticate on Cognito (thus sending the required token in the request header).
The code I use on my web client to send the request to API Gateway endpoint:
    // POST JSON to the API Gateway endpoint, passing the Cognito ID token
    // in the Authorization header.
    function ajaxPost(url, data, callback) {
        var req = new XMLHttpRequest();
        req.open("POST", url);
        req.addEventListener("load", function () {
            if (req.status >= 200 && req.status < 400) {
                callback(req.responseText);
            } else {
                console.error(req.status + " " + req.statusText + " " + url);
            }
        });
        req.addEventListener("error", function () {
            console.error("URL " + url + " unreachable.");
        });
        // Both headers below make this a non-simple request, so the browser
        // sends an OPTIONS preflight before the POST.
        req.setRequestHeader("Content-Type", "application/json");
        req.setRequestHeader("Authorization", data.get("id-token"));
        data = JSON.stringify(data);
        req.send(data);
    }
I enabled CORS on the API method via AWS console, and also on my browser for testing, so cross-domain requests should be allowed.
EDIT
After adding Access-Control-Expose-Headers in the API Gateway CORS config, the error message I get from the Chrome console is: "XMLHttpRequest cannot load https://XXXX.execute-api.us-east-1.amazonaws.com/prod/RessourceName. Response for preflight has invalid HTTP status code 401" and I can see "x-amzn-errortype:UnauthorizedException" in the OPTIONS response Header.
It's been a few days now, and after looking at every API Gateway tutorial and config, I'm still stuck... Any help would be appreciated, thanks a lot!
OPTIONS request work from curl? e.g. curl -v -X OPTIONS https://...
– Michael - sqlbot
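The preflight failure quoted in the EDIT, checked against the rules a browser applies to an OPTIONS response. This is an added example, not part of the original question or comment: `checkPreflight` is a hypothetical helper, the sample responses are constructed from the status and header the question reports, and the `https://` scheme on the origin is an assumption.

```javascript
// Added example: applies the browser's CORS preflight rules to an OPTIONS
// response for the POST in the question. Sample responses are constructed.
const SAFELISTED_METHODS = ["get", "head", "post"];

function checkPreflight(res, origin, method, requestHeaders) {
  const problems = [];
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = String(v);
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

  // The browser sends the preflight without the Authorization header and
  // only proceeds to the real request if the response status is 2xx.
  if (res.status < 200 || res.status > 299) {
    problems.push("preflight status " + res.status + " is not 2xx");
    if (h["x-amzn-errortype"]) problems.push("gateway error type: " + h["x-amzn-errortype"]);
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== origin) {
    problems.push("Access-Control-Allow-Origin does not match " + origin);
  }
  // Safelisted methods (GET, HEAD, POST) need not be listed explicitly.
  const methods = list(h["access-control-allow-methods"]);
  const m = method.toLowerCase();
  if (!SAFELISTED_METHODS.includes(m) && !methods.includes(m) && !methods.includes("*")) {
    problems.push("Access-Control-Allow-Methods lacks " + method);
  }
  // "*" in Access-Control-Allow-Headers never covers Authorization.
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of requestHeaders.map((s) => s.toLowerCase())) {
    const covered = allowed.includes(name) || (allowed.includes("*") && name !== "authorization");
    if (!covered) problems.push("Access-Control-Allow-Headers lacks " + name);
  }
  return problems;
}

const ORIGIN = "https://test.mydomain.com"; // scheme is an assumption
const SENT_HEADERS = ["Content-Type", "Authorization"]; // set by ajaxPost
// Constructed from the status and header reported in the question's EDIT.
const reported = { status: 401, headers: { "x-amzn-errortype": "UnauthorizedException" } };
// Constructed: a preflight response that satisfies every check.
const corrected = { status: 200, headers: {
  "Access-Control-Allow-Origin": ORIGIN,
  "Access-Control-Allow-Methods": "OPTIONS,POST",
  "Access-Control-Allow-Headers": "Content-Type,Authorization",
} };

console.log(checkPreflight(reported, ORIGIN, "POST", SENT_HEADERS));
console.log(checkPreflight(corrected, ORIGIN, "POST", SENT_HEADERS));
```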